aboutsummaryrefslogtreecommitdiffstats
path: root/template/en/default/admin/keywords
diff options
context:
space:
mode:
authorlpsolit%gmail.com <>2009-02-02 18:59:17 +0000
committerlpsolit%gmail.com <>2009-02-02 18:59:17 +0000
commitd382992164347e076c51d3116a32aeabb2beecd5 (patch)
tree733546d50af433091cac9db779e8ea275dc4c6ce /template/en/default/admin/keywords
parent44341577cd209d8c61fe4129ea72785fc7be9ee5 (diff)
downloadbugs-d382992164347e076c51d3116a32aeabb2beecd5.tar
bugs-d382992164347e076c51d3116a32aeabb2beecd5.tar.gz
bugs-d382992164347e076c51d3116a32aeabb2beecd5.tar.bz2
bugs-d382992164347e076c51d3116a32aeabb2beecd5.tar.xz
bugs-d382992164347e076c51d3116a32aeabb2beecd5.zip
Bug 466692: [SECURITY] keywords and unused flag types can be deleted by bypassing the token check - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
Diffstat (limited to 'template/en/default/admin/keywords')
-rw-r--r--[-rwxr-xr-x]template/en/default/admin/keywords/confirm-delete.html.tmpl3
-rw-r--r--[-rwxr-xr-x]template/en/default/admin/keywords/list.html.tmpl2
2 files changed, 2 insertions, 3 deletions
diff --git a/template/en/default/admin/keywords/confirm-delete.html.tmpl b/template/en/default/admin/keywords/confirm-delete.html.tmpl
index 6bde05abf..20a6deee7 100755..100644
--- a/template/en/default/admin/keywords/confirm-delete.html.tmpl
+++ b/template/en/default/admin/keywords/confirm-delete.html.tmpl
@@ -31,7 +31,7 @@
<p>
[% IF keyword.bug_count == 1 %]
There is one [% terms.bug %] with this keyword set.
- [% ELSE %]
+ [% ELSIF keyword.bug_count > 1 %]
There are [% keyword.bug_count FILTER html %] [%+ terms.bugs %] with
this keyword set.
[% END %]
@@ -43,7 +43,6 @@
<form method="post" action="editkeywords.cgi">
<input type="hidden" name="id" value="[% keyword.id FILTER html %]">
<input type="hidden" name="action" value="delete">
- <input type="hidden" name="reallydelete" value="1">
<input type="hidden" name="token" value="[% token FILTER html %]">
<input type="submit" id="delete"
value="Yes, really delete the keyword">
diff --git a/template/en/default/admin/keywords/list.html.tmpl b/template/en/default/admin/keywords/list.html.tmpl
index 5fb6b3aa6..c400a2362 100755..100644
--- a/template/en/default/admin/keywords/list.html.tmpl
+++ b/template/en/default/admin/keywords/list.html.tmpl
@@ -54,7 +54,7 @@
{
heading => "Action"
content => "Delete"
- contentlink => "editkeywords.cgi?action=delete&amp;id=%%id%%"
+ contentlink => "editkeywords.cgi?action=del&amp;id=%%id%%"
}
]
%]
generated by cgit v1.2.1 (git 2.21.0) at 2025-02-26 23:08:25 +0000